Two-factor authentication, also known as 2-step verification, provides additional security for your online accounts. Even if someone discovers your password, they’ll need a special one-time code to log in after you enable two-factor authentication on these services.
Notably absent from this list are banks and other financial institutions. It’s a shame that you can use two-factor authentication to protect your in-game currency in an MMORPG, but not the real money in your bank account.
Google / Gmail
Google offers two-factor authentication that secures your Google account, including your Gmail, files in your Google Drive, and everything else. You can use the Google Authenticator app on your smartphone or get login codes via SMS message. We’ve covered enabling two-factor authentication for Google accounts before.
You can even use Google Authenticator apps on your computer without a smartphone, although it’s more secure to do so on a separate device.
Facebook’s “Login Approvals” feature requires you to enter a code whenever you login from an unrecognized computer. The code will be sent to your mobile phone via SMS. Facebook offers instructions on setting this up.
LastPass offers a number of different two-factor authentication options to secure your account. You can use the Google Authenticator app, which is free for everyone. LastPass Premium subscribers can purchase a physical YubiKey token and use other options to secure their password database.
For more information, read our guide to setting up two-factor authentication in LastPass. We’ve also got a list of 11 ways to make your LastPass account even more secure.
Dropbox & SpiderOak
Dropbox now offers 2-step verification using the Google Authenticator app. When you log in from a computer you haven’t trusted, you’ll have to enter a security code generated by the app. Enabling this feature is one of the 6 ways to secure your Dropbox account.
Google Drive offers two-factor authentication through your Google account, while Microsoft’s SkyDrive also offers some two-factor authentication support.
SpiderOak, a Dropbox-like cloud storage service, also offers 2-factor authentication.
Microsoft offers some rudimentary two-factor authentication. It’s available when you access billing.microsoft.com, xbox.com, and SkyDrive. When you access another service with your Microsoft account – such as Outlook.com or Hotmail – you won’t be prompted for a security code. Read more about Microsoft account security codes here.
Yahoo! offers two-step verification, but only for your email. When using this feature, you’ll have to enter a code sent to your mobile phone via SMS or enter the answer to your account security question to log in. Make sure your account security question is unguessable if you use this feature – as usual, security questions are a weak link. Read more about enabling and using Yahoo!’s “Second sign-in verification” feature here.
Amazon Web Services (AWS)
Amazon offers multi-factor authentication via its AWS Virtual MFA app or Google Authenticator. This is only for AWS services, such as Amazon S3’s storage service, not for the average consumer’s Amazon account. Get started with it here.
Battle.net & MMORPGs
Massively multiplayer online role-playing games (MMORPGs) have been at the forefront of offering two-factor authentication to prevent account thefts and in-game items and currency from being sold. Blizzard offers a Battle.net Authenticator app that secures access to your World of Warcraft, Diablo 3, and Starcraft 2 logins.
Many other MMORPGs also offer two-factor authentication. For example, if you play Guild Wars 2 or Star Wars: The Old Republic, each offers two-factor authentication systems for you. Read more about enabling it for Guild Wars 2 or SWTOR.
If you host your own website, you can install a WordPress plugin or Drupal module that enables two-step authentication with the Google Authenticator app. DreamHost accounts also offer multifactor authentication with Google Authenticator, as does the CloudFlare service.
Your Linux Server
You can implement two-factor authentication on your own Linux server to increase its security. We’ve covered using the Google Authenticator PAM module to add two-step authentication to your SSH server. All the number-crunching happens on your own server; no phoning home required.
Do you use two-factor authentication for another service? Leave a comment and let us know about it.